How To Write Your Own SSL Certificate in 15 minutes

How To Write Your Own SSL Certificate in 15 minutes

All major sites have long switched to the https protocol. The trend continues, and many of our readers interested to secure their website to work on a secure protocol. And if a backend is developed for a mobile application, then https is required. For example, Apple requires that the server’s data exchange with the application is done via a secure protocol. This requirement was introduced from the end of 2016.

On production, there are no problems with certificates. Usually, the hosting provider provides a convenient interface for connecting the certificate. Issuing a certificate is also not a difficult matter. But while working on the project, each developer should take care of the certificate himself.

In this article, I’ll show you how to release a self-signed SSL certificate and get the browser to trust it.

To issue a certificate for your local domain, you will need a root certificate. On its basis, all other certificates will be issued. Yes, for each new top-level domain, you need to issue your own certificate.

Notes: Someone might even say that It’s easier to buy any cheap Domain Name and get a certificate from Letsencrypt for free than to deal with this nonsense. But this article was specifically written for those developers how are interested in creating their own product and loves to experiment with a couple lines of code.

Getting a root certificate is quite easy.SmartSpate

First, form the private key:

openssl genrsa -out rootCA.key 2048

Then the certificate itself:

We pass to the main thing, the release of a self-signed certificate. As with the root, these are two teams. But the parameters for the teams will be much larger. And we need an auxiliary configuration file. Therefore, we will write all this in the form of bash script create_certificate_for_domain.sh

The first parameter is mandatory, we will derive a small instruction for the user.

Now, creating a CSR file (Certificate Signing Request) based on the key. More information about the certificate request file can be found in this article.

Form the certificate file. To do this, we need an auxiliary file with the settings. In this file, we will write the domains for which the certificate will be valid and some other settings. Call it v3.ext. Pay your attention that this is a separate file, not part of the bash script.

The script is ready. Now, time to run it:

Now, you need to specify the web server paths to these files. For nginx, this would look like this:

Launch the browser, open https: //mysite.localhost and see:

The browser does not trust this certificate. How to be?

It is necessary to note the certificate issued by us as Trusted. On Linux (Ubuntu and, probably, other Debian-based distributions) this can be done through the browser itself. In Mac OS X, this can be done through the Keychain Access application. Run the application and drag the file mysite.localhost.crt to the window. Then open the added file and select Always Trust:

We update the page in the browser and:

Success! The browser trusts our certificate.

A certificate can be shared with other developers so that they add it to themselves. And if you use Docker, then the certificate can be saved there.

The Founder of Smart Spate. His role involves creating work to the highest standards, supporting other members of the team, and researching techniques and systems to keep SmartSpate at the forefront of digital. We spent a lot of time making sure that the topics were high quality and with the most informative approach.
He has an unhealthy love for Web Developing/Design and IT filed in general, he enjoys exploring the ever-changing world of web developing.

Find Us At:

error: This Content is Protected! All Rights belong to Smart Spate Ltd.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. For information on a cookie and how it impacts on users, you can visit our Privacy Policy and Cookie Policy.AcceptCloseRead more